Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a6f51f7483...7d.exe

windows7-x64

7

a6f51f7483...7d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22/02/2024, 04:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a6f51f748342c15c1bba7f24af4cf78881c03fecce722ece212137574873677d.exe

  • Size

    487KB

  • MD5

    a4445bb89915e444b9ac05b059049ce3

  • SHA1

    1efe22adb89b971fa2313f6122627375e57b1806

  • SHA256

    a6f51f748342c15c1bba7f24af4cf78881c03fecce722ece212137574873677d

  • SHA512

    6e99ec470a3dcee764ea9defa3692e5842b4064de7272c5f1746b3f0a7dc2e877429e07eb1e428299ab585e126b1d852fe7137bb96e0e4094416663186965036

  • SSDEEP

    6144:NuJPz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fayCV7E:y1gL5pRTcAkS/3hzN8qE43fm78V

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1204
      • C:\Users\Admin\AppData\Local\Temp\a6f51f748342c15c1bba7f24af4cf78881c03fecce722ece212137574873677d.exe
        "C:\Users\Admin\AppData\Local\Temp\a6f51f748342c15c1bba7f24af4cf78881c03fecce722ece212137574873677d.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1364
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$a47BA.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2500
          • C:\Users\Admin\AppData\Local\Temp\a6f51f748342c15c1bba7f24af4cf78881c03fecce722ece212137574873677d.exe
            "C:\Users\Admin\AppData\Local\Temp\a6f51f748342c15c1bba7f24af4cf78881c03fecce722ece212137574873677d.exe"
            4⤵
            • Executes dropped EXE
            PID:2540
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1524
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2620
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2564

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
        Filesize

        474KB

        MD5

        49d25f7edc57e78ded3a83c1f8e1f6f3

        SHA1

        81c2d584e3409a5cae8fcd856434d65278f6fddd

        SHA256

        360495e8156fc825fdf82a2358f54f101cbf25b39365b99003cdcaae249e1606

        SHA512

        52317cd28499a5387961d508118c9ab5d88937cca6e7440874a3ff9b5bc17398c1f4de1b7591e8064182586adec404376981801eaa215dab7daa75f51598dbc4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a47BA.bat
        Filesize

        722B

        MD5

        a137a9d62db63db024b2392d8be8278e

        SHA1

        8b1dd455f734f9f967074e3ce22916b0a33d8340

        SHA256

        c33266817b91f5521963315159430429da95f43c8176599eb26af1e91f03a04e

        SHA512

        b1546fd5701a2f06051e96f094867a67c68417c9185f79096739ecace8cbc86c3cae91d0fc07c15051dd4e4826acc9c01407c7ec611274e18d8c430b5b5da205

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\a6f51f748342c15c1bba7f24af4cf78881c03fecce722ece212137574873677d.exe.exe
        Filesize

        458KB

        MD5

        619f7135621b50fd1900ff24aade1524

        SHA1

        6c7ea8bbd435163ae3945cbef30ef6b9872a4591

        SHA256

        344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

        SHA512

        2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        29KB

        MD5

        d014f0d4e32db60ddeb4a1fb3d196b7d

        SHA1

        0aed23f1d71795bd8494f4b1cfbf379e6e5d3fa6

        SHA256

        c2f650792ca6a40a43bf6538def0d09a852985eaadbbdc69ff81d624b41a6061

        SHA512

        5410ad7edc070fd8a32f5a9f2ad2ea7451bd8bdef3c772568f91209b43c663ac252fd483096f17d560d0ba2655a9adb021fa7c9b5bc2646c9b6ace5a5d7d57e8

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-1650401615-1019878084-3673944445-1000\_desktop.ini
        Filesize

        9B

        MD5

        70eb801394f34df3f5d5478555204e02

        SHA1

        7da7e3e98fa5f4b19b7c862670f7bafd17e69dca

        SHA256

        e4693937004168f1be952c09866d8661d845e28e9a15f989ca440d499cfe76ec

        SHA512

        dae67b2c69a4ac6358f286e98d0eee9e97536cab4a24d99360b3556adcfdb00eded3ca6891843855e43b0c493dc99b60c8d01c72570eb6f7bcf0f4ff079bf98e

        Download Submit

      • memory/1204-28-0x0000000002D00000-0x0000000002D01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1364-15-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1364-0-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1524-20-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1524-37-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1524-43-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1524-89-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1524-95-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1524-246-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1524-1848-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1524-3308-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1524-30-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download